#OurMine YouTube Hack

Source:

http://www.powerpyx.com/ourmine-are-back-youtube-hack-explained-channels-under-attack/

https://www.reddit.com/r/youtube/comments/62w7ag/ourmine_security_group_hacked_youtube/

http://www.tubefilter.com/2016/11/02/ourmine-hack-youtube-vidiq/

(https://www.youtube.com/results?search_query=%23OurMine)

 

Essentially a lot of big name Youtube Channel have their Youtube Title and description renamed to below:

 

It seems to both link to the YouTube Video and Link is broken.

 

The problem seem to stem from 3rd party services such as Network Partner Dashboard, VidIQ (Analytic Tool) which all have access to video descriptions/titles.

 

What happened:

  Quote
  • When a YouTuber wants to work with Omnia Media they must connect their channel to them and give certain privileges (that includes editing video details). Please note that this is the same process for any other YouTube network and not specific to Omnia Media. This could potentially happen with any other network and some of them have hundreds of thousands of partners.
  • The attackers supposedly hacked into Omnia Media’s systems. From there they had access to videos of all managed partners and could bulk edit them. Explanation: there are “managed” partners and “affiliates”. Out of Omnia Media’s roughly 1400 partners only 300 have the “managed” status. None of the 1100 partners with “affiliate” status were affected.
  • It seems like a security exploit with the YouTube API and neither Omnia Media nor YouTube adequately secured their systems against such attacks. Again, the API allows a third party, Omnia Media, to alter video details and this hack demonstrates how dangerous this is.
  • According to the video description that the hackers left behind, the goal may have been to showcase a security flaw with the current system.
  • None of the channels were compromised or hacked directly. The hackers did not obtain the passwords of these channels. An employee of Omnia Media confirmed to me that no personal data of us YouTubers was leaked during the attack.
  • All creators (including myself) still have access to their YouTube channels and social media. Everything should be fine once it gets fixed and the channels can keep posting videos.
  • Playlist names, channel names and video tags are not affected.
  • According to a tweet by Omnia Media, YouTube is actively working on restoring the video titles and descriptions. So at least they have backups and can roll back the metadata. Given that so many videos were hit at once it remains to be seen how swiftly YouTube will handle this. Most of these channels are well established and have been around for several years – so they have produced a large number of videos (many thousands on some). 6 hours after the hack none of my videos have been fixed yet. A handful of videos on other channels are fixed but it’s unclear if the creators changed them on their own or if YouTube did.

 

It Back at it again

Regarding April 13th Hack:

 

  Quote

April 13, 2017 – Studio71 YouTube Network hacked by OurMine

 

On April 13, 2017 a new OurMine hack happened, but this time it’s partners of popular YouTube network Studio71 (aka “The Collective” or “CDS”) that had their titles and descriptions changed. Again, the hackers exploited the same weakness in YouTube’s API to change video titles and descriptions of many channels partnered with the network. Be sure to read what went down during Omnia Media hack for the full explanation. Not all channels signed under Studio71 are affected, presumably managed partners only. Studio71’s network includes over 12,000 channels that reach a combined 5 billion video views per month. The network is particularly popular among entertainment and vlogging channels.

 

 

  Quote

Title: #OurMine – https://youtu.be/IdJuVgR_-7M (Read the Description)
Hey, it’s OurMine, don’t worry we are just testing your security, please contact us for more information

contactourmineteam@gmail.com
https://ourmine.org

THE BIGGEST HACK IN YOUTUBE HISTORY

 

Time to check your channels.

Leave a Reply

Your email address will not be published. Required fields are marked *